X-Git-Url: https://git.saurik.com/apple/javascriptcore.git/blobdiff_plain/81345200c95645a1b0d2635520f96ad55dfde63f..ed1e77d3adeb83d26fd1dfb16dd84cabdcefd250:/runtime/ArrayBufferView.h?ds=sidebyside

diff --git a/runtime/ArrayBufferView.h b/runtime/ArrayBufferView.h
index ea7cd5a..3fc10b0 100644
--- a/runtime/ArrayBufferView.h
+++ b/runtime/ArrayBufferView.h
@@ -77,22 +77,20 @@ public:
 
     JS_EXPORT_PRIVATE virtual ~ArrayBufferView();
 
+    // Helper to verify byte offset is size aligned.
+    static bool verifyByteOffsetAlignment(unsigned byteOffset, size_t size)
+    {
+        return !(byteOffset & (size - 1));
+    }
+
     // Helper to verify that a given sub-range of an ArrayBuffer is
     // within range.
-    // FIXME: This should distinguish between alignment errors and bounds errors.
-    // https://bugs.webkit.org/show_bug.cgi?id=125391
-    template <typename T>
-    static bool verifySubRange(
-        PassRefPtr<ArrayBuffer> buffer,
-        unsigned byteOffset,
-        unsigned numElements)
+    static bool verifySubRangeLength(PassRefPtr<ArrayBuffer> buffer, unsigned byteOffset, unsigned numElements, size_t size)
     {
         unsigned byteLength = buffer->byteLength();
-        if (sizeof(T) > 1 && byteOffset % sizeof(T))
-            return false;
         if (byteOffset > byteLength)
             return false;
-        unsigned remainingElements = (byteLength - byteOffset) / sizeof(T);
+        unsigned remainingElements = (byteLength - byteOffset) / size;
         if (numElements > remainingElements)
             return false;
         return true;